End-of-Shift report
Timeframe: Wednesday 14-01-2015 18:00 − Thursday 15-01-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
CryptoWall 3.0 Uses I2P Anonymity Network For CC Communications (SecurityWeek)
Almost two months have passed since the developers of CryptoWall released an updated version of the threat, but now they’re back to work. The malware, distributed via spam and malvertising campaigns, helped cybercriminals make a lot of money last year so it’s not surprising that its authors continue improving it.
http://www.securityweek.com/cryptowall-30-uses-i2p-anonymity-network-cc-communications
AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some "magazine" websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported...
http://blog.sucuri.net/2015/01/adsense-abused-with-malvertising-campaign.html
Anatomy Of A Cyber-Physical Attack (Dark Reading)
"If you only consider hackers, you don’t have to be concerned that much. They won't be able to take down a power grid or blow up chemical facilities," says Ralph Langner, founder of Langner Communications and a top Stuxnet expert. The danger is when attackers have an understanding of the physical and engineering aspects of the plant or site they are targeting, he says.
http://www.darkreading.com/vulnerabilitiesthreats/anatomy-of-a-cyber-physical-attack-/d/d-id/1318624?_mc=RSS_DR_EDT
Criticism of Apple's Two-Factor Protection
Apple's two-step verification does not cover several of the company's cloud services at all, a user complains - an attacker could gain deep insights this way.
http://heise.de/-2517903
Private Keys: Gitrob Searches for Sensitive Data on GitHub
Data such as private keys or passwords repeatedly turn up in GitHub repositories. Gitrob is meant to help find them so that users can protect themselves better. But it also opens up the possibility of an interesting attack.
http://www.golem.de/news/private-schluessel-gitrob-sucht-sensible-daten-bei-github-1501-111728-rss.html
Security and Military Experts Fall For "Open" Wi-Fi
According to The Local, an English-language newspaper in Sweden, Gustav Nipe watched earlier this week as around 100 politicians, military officers and journalists logged into a network called “Open Guest” and proceeded to search for various non-work-related things including “forest hikes” and monitor eBay auctions.
https://www.f-secure.com/weblog/archives/00002783.html
ATM: Attacking Multichannel Fraud (InfoRiskToday)
The increasing globalization of fraud perpetrated by sophisticated organized crime rings has spurred unprecedented growth in cross-channel attacks, security experts from three of the world's leading ATM manufacturers say.
That's why ATM deployers can no longer build defenses that focus solely on the ATM channel, executives from Diebold Inc., Wincor Nixdorf AG and NCR Corp. say in this final part of an exclusive three-part interview with Information Security Media Group.
http://www.inforisktoday.com/interviews/atm-attacking-multichannel-fraud-i-2551
Patch Day: Adobe Closes Nine Holes in Flash
The holes that Adobe has now closed in Flash affect all platforms. Users should install the updates as quickly as possible, since the holes allow attacks from the network.
http://heise.de/-2517426
Cybercrime: Hacking as an Emerging Industry in Austria
Internet Security Report 2014 presented - unprotected smartphones and tablets as targets
http://derstandard.at/2000010445114
JSA10669 - 2015-01 Security Bulletin: Junos: Multiple vulnerabilities in libxml2 library
http://kb.juniper.net/index/content&id=JSA10669&actp=RSS
JSA10667 - 2015-01 Security Bulletin: Junos: Privilege escalation vulnerability (CVE-2014-6384)
http://kb.juniper.net/index/content&id=JSA10667&actp=RSS
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVE-2014-8022
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022
Cisco Unified Communications Domain Manager Admin GUI DoS Vulnerability
CVE-2015-0591
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591
Simple Security plugin for WordPress wp-admin/users.php script cross-site scripting
http://xforce.iss.net/xforce/xfdb/99931
SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported
Advisory ID: DRUPAL-SA-CONTRIB-2015-022
Project: nodeauthor (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 12/25 (Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to
https://www.drupal.org/node/2407401
SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2015-021
Project: Content Analysis (third-party module)
Version: 6.x
Date: 2014-January-14
Security risk: 16/25 (Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: The Content Analysis module is an API designed to help modules that need to analyze content. The module fails to sanitize user input in log messages, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact
https://www.drupal.org/node/2407395
SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)
Advisory ID: DRUPAL-SA-CONTRIB-2015-020
Project: Contact form fields (third-party module)
Version: 6.x
Date: 2014-January-14
Security risk: 13/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery
Description: The Contact Form Fields module enables you to create additional fields to site-wide contact form. Some links were not properly protected from CSRF. A malicious user could cause an administrator to delete fields by getting the
https://www.drupal.org/node/2407357
SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2015-018
Project: Video (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: This module enables you to upload, convert and playback videos. The module doesn't sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by
https://www.drupal.org/node/2407341
SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2015-015
Project: Term merge (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 12/25 (Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: This module enables you to merge (synonymous) taxonomy terms among themselves. The module doesn't sufficiently filter user input under certain conditions, thereby opening a Cross Site Scripting (XSS) vulnerability. This vulnerability is
https://www.drupal.org/node/2407315
PHPKIT result cross-site scripting
http://xforce.iss.net/xforce/xfdb/99904